Internal Infrastructure Testing

An attacker's ultimate goal is often to steal your crown jewels, the data that is most important to your business. In many organisations, this data resides on the 'internal' (typically Windows) office network. A common attack path is to breach an organisation's perimeter, take a position on the internal network and find a path to these crown jewels.

Get Instant Online Quote

The basics

What is Internal Infrastructure Penetration Testing?

Internal Infrastructure penetration testing is ethical hacking of the internal Windows (usually) network infrastructure that belongs to an organisation. The objectives of this penetration testing service are;

  • Identify unpatched systems
  • Identify insecure systems and services
  • Take control of workstations or servers on the network
  • To compromise staff user accounts
  • Intercept encrypted passwords on the network and attempt to crack them
  • Attempt to brute force accounts for network services, such as databases or web services
  • To compromise privileged accounts such as domain administrators
  • Attempt to access sensitive or mission-critical information
  • Demonstrate it is possible to gain a foothold in the network and remain there
  • Eavesdrop on sensitive network communications

These are the exact actions a real-world attacker will carry out once they have gained initial access to your internal network.

A note on COVID-19: We are able to perform internal infrastructure remotely, without requiring a consultant to come to your premises. We will provide details of this during the booking process.

Testing Benfits

What are the benefits of Internal Infrastructure Pentesting?

When an attacker is targeting an organisation, their ultimate aim is to gain access to the internal network of that organisation. They will attempt to do so by attacking the perimeter of the business, or by using social engineering attacks such as phishing.

Once an attacker has an initial foothold in the internal network, they will typically attempt to find and compromise the organisation’s ‘crown jewels’; whatever data or assets you have that are most valuable to your organisation. Attackers do this by traversing across the network, compromising various accounts and machines, gradually gaining deeper and deeper access until they have reached their goal.

The purpose of an internal infrastructure pentest is to determine how well protected your network is against attackers in this initial ‘foothold’ position, and how easy or otherwise it is for them to navigate through the network and steal your crown jewels, or take control of your domain.

The benefit of this kind of test is that our testers will find these holes in your networks and systems, they will discover the paths to your crown jewels in a safe and controlled manner, so that you can fix the weaknesses before the bad guys find them.

Manual Not Automated

What will we find in an Internal Infrastructure Penetration Test?

You will learn a lot from the results of one of our internal pentests. Here’s what we’ll give you:

  • A detailed narrative of how our testers combined vulnerabilities, navigated and compromised your network
  • Details on the main vulnerabilities we found in the network
  • Details on any weak passwords we cracked during the test
  • Details on all service misconfigurations
  • And most importantly, detailed information on how to fix what we found, to stop real-life attackers from breaching the network

CREST Registered - CREST Certified

Are you CREST Certified?

OnSecurity is a CREST (Council of Registered Ethical Security Testers) approved vendor. This means that all our test methodologies, processes, policies and procedures have been externally vetted by CREST to ensure we are operating to the highest standards possible in the pentesting industry.

On top of this the majority of our testers are CREST certified, meaning they have been through a CREST assault course (or CREST-recognised equivalent) to ensure they have the requisite skills needed to find and exploit vulnerabilities in a safe and controlled manner.

This external validation means you can be confident your pentests are being carried out to the highest standard, by vetted and tested consultants, who use a best-in-class manual-first approach to testing.

Getting Started

Booking your Internal Infrastructure Penetration Test

Booking one of our penetration testing services couldn’t be simpler. There are no phone calls or emails needed, all it takes is for you to answer two quick questions and we’ll get you onto our industry-leading Test:Flow platform.

From here, we’ll have the ability to provide you with an instant online quote for your required service.

We will begin your chosen penetration testing service on the date selected by you and begin reporting our findings as and when we discover them. There is no waiting around for weeks for these to come through, we’ll provide you with the information when we have it ourselves.

Get A Quote

Services

Our Services Area

Web Application Testing

Make sure hackers can’t steal data via your main web app, and protect your app users.

Read More

Mobile Application Testing

Android, iOS and cross platform we test them all.

Read More

Cloud Security Testing

Make sure your deployments are secure - including AWS, Azure and GCP.

Read More

External Infrastructure Testing

Test to see how your external IT perimeter would hold up against intruders.

Read More

Internal Infrastructure Testing

See what hackers can do once they are inside your network.

Read More

Phishing Simulation

32% of breaches involve phishing, test to make sure you’re not next.

Read More

Physical Penetration Testing

Office blocks, factories and power plants - if it has a door we can test it.

Read More

Social Engineering

Grabbing sensitive information over the phone or via email - you’ll be suprised what attackers can get

Read More

Need A Hand?

Get In Touch